Fix out-of-memory condition in conf
authorMatt Caswell <matt@openssl.org>
Fri, 10 Mar 2017 10:51:35 +0000 (10:51 +0000)
committerMatt Caswell <matt@openssl.org>
Sun, 12 Mar 2017 00:24:40 +0000 (00:24 +0000)
commitc2f9144e52a3168a6faca83839367b0adfedfc50
tree2cc341aa455be9be280c27e535af12d26b7bc4af
parenta3b56f2f43b4f405a7023f055520075e327501bd
Fix out-of-memory condition in conf

conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.

Credit to OSS-Fuzz for finding this problem.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
(cherry picked from commit 8a585601fea1091022034dd14b961c1ecd5916c3)
crypto/conf/conf_def.c
crypto/conf/conf_err.c
doc/apps/config.pod
fuzz/corpora/conf/0d7ad6e04c0235cdc590756ceec867a05cff5823 [new file with mode: 0644]
include/openssl/conf.h